
Malware removal


  • This topic is locked
9 replies to this topic

#1 Vancer2

  • Members
  • 78 posts

Posted 09 September 2011 - 03:51 PM

These are the logs I was told to produce, and here they are.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Vance at 15:44:03 on 2011-09-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1587 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\DAODx.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe"
mRun: [Launch PC Probe II]
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{D4287E11-1897-4F0E-92DC-A093E01F5966} : DhcpNameServer = 192.168.7.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe"
mRun-x64: [Launch PC Probe II]
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\uahkgoiw.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-9-1 1151096]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110908.030\IDSviA64.sys [2011-9-9 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-8 96896]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2011-6-18 126392]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-1 136824]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
S2 SstpSvc32;Secure Socket Tunneling Protocol Service ;C:\Windows\system32\KBDUSL32.exe --> C:\Windows\system32\KBDUSL32.exe [?]
S2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-4-30 718072]
S3 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S4 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-12-7 2011944]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2011-09-08 17:57:24 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2011-09-08 01:15:36 -------- d-----w- C:\Program Files (x86)\ESET
2011-09-07 21:40:35 -------- d-----w- C:\Users\Vance\AppData\Local\ElevatedDiagnostics
2011-09-05 20:17:03 -------- d-----w- C:\Users\Vance\AppData\Roaming\SUPERAntiSpyware.com
2011-09-05 20:16:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-05 20:16:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-04 23:37:43 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2011-09-04 21:47:46 -------- d-----w- C:\Users\Vance\AppData\Roaming\Malwarebytes
2011-09-04 21:47:38 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-04 21:47:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-04 21:47:35 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-04 21:47:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:45:23 -------- d-----w- C:\Program Files (x86)\directx
2011-09-02 02:39:00 -------- d-----w- C:\Program Files (x86)\Deus Ex - Invisible War
2011-09-02 02:38:07 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-09-02 02:38:07 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-09-02 02:38:07 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-09-02 02:38:07 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-09-02 02:38:07 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-09-02 02:38:02 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-09-02 02:38:01 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-09-01 21:32:22 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-09-01 21:32:22 785368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-09-01 21:32:22 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-01 21:32:22 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-01 21:32:22 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-01 21:32:22 1846232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-09-01 21:32:22 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-01 21:32:22 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-01 06:22:39 20480 ----a-w- C:\Windows\svchost.exe
2011-08-29 03:32:16 -------- d-----w- C:\Users\Vance\AppData\Local\dxhr
2011-08-29 03:30:15 -------- d-----w- C:\Users\Vance\AppData\Local\28050
2011-08-29 03:20:02 -------- d-----w- C:\Deus Ex
2011-08-24 19:09:12 -------- d-----w- C:\Program Files (x86)\RAR Password Recovery Magic
2011-08-21 02:29:43 -------- d-----w- C:\traomer
2011-08-16 16:24:51 -------- d-----w- C:\Program Files (x86)\BoBaFeTT Diablo Trainer
2011-08-13 16:58:45 -------- d-----w- C:\Program Files (x86)\Hero Editor
2011-08-13 16:58:40 249856 ------w- C:\Windows\Setup1.exe
2011-08-13 16:58:38 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-08-13 16:24:09 94208 ----a-w- C:\Windows\DIIUnin.exe
2011-08-13 16:24:09 2829 ----a-w- C:\Windows\DIIUnin.pif
2011-08-13 16:15:33 -------- d-----w- C:\Program Files (x86)\Diablo II
.
==================== Find3M ====================
.
2011-09-04 23:32:38 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-04 23:32:26 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-04 23:32:20 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-08-16 21:53:43 2829 ----a-w- C:\Windows\DiabUnin.pif
2011-08-16 21:53:42 118784 ----a-w- C:\Windows\DiabUnin.exe
2011-08-16 01:52:49 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-15 22:19:08 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-08-13 17:11:35 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2011-08-13 17:11:35 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2011-08-13 17:11:35 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2011-08-09 06:41:14 967 ----a-w- C:\Windows\ScUnin.pif
2011-08-09 06:41:14 94208 ----a-w- C:\Windows\ScUnin.exe
2011-06-20 23:45:14 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-06-15 20:31:53 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 15:45:10.51 ===============

attach.txt
2011-09-01 21:32:22 785368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-09-01 21:32:22 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-01 21:32:22 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-01 21:32:22 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-01 21:32:22 1846232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-09-01 21:32:22 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-01 21:32:22 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-01 06:22:39 20480 ----a-w- C:\Windows\svchost.exe
2011-08-29 03:32:16 -------- d-----w- C:\Users\Vance\AppData\Local\dxhr
2011-08-29 03:30:15 -------- d-----w- C:\Users\Vance\AppData\Local\28050
2011-08-29 03:20:02 -------- d-----w- C:\Deus Ex
2011-08-24 19:09:12 -------- d-----w- C:\Program Files (x86)\RAR Password Recovery Magic
2011-08-21 02:29:43 -------- d-----w- C:\traomer
2011-08-16 16:24:51 -------- d-----w- C:\Program Files (x86)\BoBaFeTT Diablo Trainer
2011-08-13 16:58:45 -------- d-----w- C:\Program Files (x86)\Hero Editor
2011-08-13 16:58:40 249856 ------w- C:\Windows\Setup1.exe
2011-08-13 16:58:38 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-08-13 16:24:09 94208 ----a-w- C:\Windows\DIIUnin.exe
2011-08-13 16:24:09 2829 ----a-w- C:\Windows\DIIUnin.pif
2011-08-13 16:15:33 -------- d-----w- C:\Program Files (x86)\Diablo II
.
==================== Find3M ====================
.
2011-09-04 23:32:38 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-04 23:32:26 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-04 23:32:20 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-08-16 21:53:43 2829 ----a-w- C:\Windows\DiabUnin.pif
2011-08-16 21:53:42 118784 ----a-w- C:\Windows\DiabUnin.exe
2011-08-16 01:52:49 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-08-15 22:19:08 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-08-13 17:11:35 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2011-08-13 17:11:35 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2011-08-13 17:11:35 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2011-08-09 06:41:14 967 ----a-w- C:\Windows\ScUnin.pif
2011-08-09 06:41:14 94208 ----a-w- C:\Windows\ScUnin.exe
2011-06-20 23:45:14 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-06-15 20:31:53 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 15:45:10.51 ===============

I was told to make a link going to the post I made in "Am I infected?"
Here it is: http://www.bleepingcomputer.com/forums/topic417451.html

I used ESET online scanner and GMER to try and remove what was believed to be the culprit, but on GMER all of the boxes excluding Services, Registry, and Files could be check marked. Everything else was greyed out so I couldn't scan for those.

Edited by Orange Blossom, 09 September 2011 - 10:52 PM.
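A triage pass over the service and "Created Last 30" lines of the DDS log above, as an added example that is not a tool from this thread or from the DDS author. It assumes the line layouts exactly as the log prints them, that a trailing `[?]` marks an image file DDS could not read a date and size for, and it only lists entries worth a closer look; it gives no verdict.

```python
import re
from typing import List, Tuple

# Line layouts are assumptions taken from how the DDS log above prints them:
#   services : '<start> <name>;<display name>;<image> [<date> <size>]'
#              or '... <image> --> <image> [?]'  (assumed: DDS could not stat the file)
#   created  : '<yyyy-mm-dd> <hh:mm:ss> <size|--------> <attrs> <path>'
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+)$')
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$')

# Core Windows binaries that legitimately live only under these directories.
CORE_BINARIES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'services.exe', 'winlogon.exe'}
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


def image_path(field: str) -> Tuple[str, bool]:
    """Split a DDS image field into (path without arguments, resolved).

    'C:\\a.exe --> C:\\a.exe [?]'     -> ('C:\\a.exe', False)
    'C:\\a.exe [2011-5-24 365568]'    -> ('C:\\a.exe', True)
    'C:\\g.des -service --> ... [?]'  -> ('C:\\g.des', False)
    """
    resolved = not field.rstrip().endswith('[?]')
    head = field.split(' --> ')[0]
    head = re.sub(r'\s+\[[^\]]*\]\s*$', '', head)     # drop '[date size]'
    head = re.split(r'\s+-(?=[A-Za-z])', head)[0]      # drop ' -service', ' -k netsvcs'
    return head.strip(), resolved


def basename(path: str) -> str:
    return path.rsplit('\\', 1)[-1].lower()


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (subject, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            name, field = svc.group(2), svc.group(4)
            path, resolved = image_path(field)
            if basename(path) in CORE_BINARIES and not in_system_dir(path):
                findings.append((name, f'core binary name outside a system directory: {path}'))
            elif not resolved and path.lower().endswith('.exe'):
                findings.append((name, f'service .exe that DDS could not read: {path}'))
            continue
        created = CREATED_RE.match(line)
        if created:
            path = created.group(1)
            if basename(path) in CORE_BINARIES and not in_system_dir(path):
                findings.append((path, 'new file carries a core binary name outside a system directory'))
    return findings


# Lines copied from the DDS log in the post above.
SAMPLE_LINES = [
    r"S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]",
    r"S2 SstpSvc32;Secure Socket Tunneling Protocol Service ;C:\Windows\system32\KBDUSL32.exe --> C:\Windows\system32\KBDUSL32.exe [?]",
    r"S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]",
    r"2011-09-04 21:47:35 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys",
    r"2011-09-01 06:22:39 20480 ----a-w- C:\Windows\svchost.exe",
    r"2011-09-08 17:57:24 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1",
]

if __name__ == '__main__':
    for subject, reason in triage(SAMPLE_LINES):
        print(f'{subject}: {reason}')
```

Entries on the review list still need the usual checks (file signature, hash lookup, creation date) before anything is acted on.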


#2 nasdaq

  • Malware Response Team
  • 39,888 posts
  • Location:Montreal, QC. Canada

Posted 15 September 2011 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please run the following tools in the order listed.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double-click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Please post the logs and let me know what problem persists.

#3 Vancer2

  • Topic Starter
  • Members
  • 78 posts

Posted 16 September 2011 - 04:35 PM

Here's the log from aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-16 15:52:24
-----------------------------
15:52:24.822 OS Version: Windows x64 6.1.7600
15:52:24.822 Number of processors: 4 586 0x503
15:52:24.823 ComputerName: VANCE-PC UserName: Vance
15:52:28.263 Initialize success
15:52:49.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
15:52:49.837 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
15:52:49.840 Device \Driver\atapi -> MajorFunction fffffa8003e305c0
15:52:51.843 Disk 0 MBR read successfully
15:52:51.844 Disk 0 MBR scan
15:52:51.844 Disk 0 Windows 7 default MBR code found via API
15:52:51.844 Disk 0 unknown MBR code
15:52:51.845 Disk 0 MBR hidden
15:52:51.845 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
15:52:51.846 Disk 0 trace - called modules:
15:52:51.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003e305c0]<<
15:52:51.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035d4060]
15:52:51.848 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80032d2520]
15:52:51.848 5 ACPI.sys[fffff88000fa3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80032d1060]
15:52:51.850 \Driver\atapi[0xfffffa80035429b0] -> IRP_MJ_CREATE -> 0xfffffa8003e305c0
15:52:51.851 Scan finished successfully
15:53:39.637 Disk 0 MBR has been saved successfully to "C:\Users\Vance\Desktop\MBR.dat"
15:53:39.644 The log file has been saved successfully to "C:\Users\Vance\Desktop\aswMBR.txt"


---------------------- Here's the log from TDSS ---------------------

2011/09/16 15:55:39.0067 5028 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/16 15:55:40.0680 5028 ================================================================================
2011/09/16 15:55:40.0680 5028 SystemInfo:
2011/09/16 15:55:40.0680 5028
2011/09/16 15:55:40.0680 5028 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/16 15:55:40.0680 5028 Product type: Workstation
2011/09/16 15:55:40.0680 5028 ComputerName: VANCE-PC
2011/09/16 15:55:40.0681 5028 UserName: Vance
2011/09/16 15:55:40.0681 5028 Windows directory: C:\Windows
2011/09/16 15:55:40.0681 5028 System windows directory: C:\Windows
2011/09/16 15:55:40.0681 5028 Running under WOW64
2011/09/16 15:55:40.0681 5028 Processor architecture: Intel x64
2011/09/16 15:55:40.0681 5028 Number of processors: 4
2011/09/16 15:55:40.0681 5028 Page size: 0x1000
2011/09/16 15:55:40.0681 5028 Boot type: Normal boot
2011/09/16 15:55:40.0681 5028 ================================================================================
2011/09/16 15:55:40.0774 5028 Initialize success
2011/09/16 15:55:41.0845 5352 ================================================================================
2011/09/16 15:55:41.0845 5352 Scan started
2011/09/16 15:55:41.0845 5352 Mode: Manual;
2011/09/16 15:55:41.0845 5352 ================================================================================
2011/09/16 15:55:51.0942 5352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/16 15:55:51.0962 5352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/16 15:55:51.0998 5352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/16 15:55:52.0015 5352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/16 15:55:52.0034 5352 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/16 15:55:52.0053 5352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/16 15:55:52.0085 5352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/16 15:55:52.0137 5352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/16 15:55:52.0158 5352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/16 15:55:52.0205 5352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/16 15:55:52.0339 5352 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS
2011/09/16 15:55:52.0373 5352 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
2011/09/16 15:55:52.0420 5352 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/09/16 15:55:52.0460 5352 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/16 15:55:52.0496 5352 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/16 15:55:52.0532 5352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/16 15:55:52.0576 5352 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/16 15:55:52.0595 5352 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/16 15:55:52.0612 5352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/16 15:55:52.0670 5352 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
2011/09/16 15:55:52.0714 5352 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
2011/09/16 15:55:52.0773 5352 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/09/16 15:55:52.0802 5352 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS
2011/09/16 15:55:52.0887 5352 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
2011/09/16 15:55:52.0963 5352 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
2011/09/16 15:55:53.0062 5352 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/09/16 15:55:53.0137 5352 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/16 15:55:53.0174 5352 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/16 15:55:53.0229 5352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/16 15:55:53.0256 5352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/16 15:55:53.0306 5352 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/16 15:55:53.0351 5352 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/16 15:55:53.0433 5352 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/16 15:55:53.0459 5352 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/16 15:55:53.0507 5352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/16 15:55:53.0535 5352 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/16 15:55:53.0589 5352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/16 15:55:53.0614 5352 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/16 15:55:53.0653 5352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/16 15:55:53.0710 5352 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/09/16 15:55:53.0737 5352 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/16 15:55:53.0773 5352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/16 15:55:53.0796 5352 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/16 15:55:53.0822 5352 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/16 15:55:53.0842 5352 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/16 15:55:53.0868 5352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/16 15:55:53.0892 5352 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/16 15:55:53.0909 5352 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/16 15:55:53.0981 5352 VBoxDrv (e5af6997b59429bc44de616b5a963788) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/09/16 15:55:54.0013 5352 VBoxNetAdp (b4ffc1739b9bd3b0177b16b46caf8420) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/09/16 15:55:54.0034 5352 VBoxNetFlt (5eb23066803668b29d403bc76c63cc70) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/09/16 15:55:54.0087 5352 VBoxUSB (7a4cab9ec7153741520ec8513acdba1d) C:\Windows\system32\Drivers\VBoxUSB.sys
2011/09/16 15:55:54.0145 5352 VBoxUSBMon (e6a42e54d4f7d7756e988f9135796572) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/09/16 15:55:54.0203 5352 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
2011/09/16 15:55:54.0229 5352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/16 15:55:54.0255 5352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/16 15:55:54.0318 5352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/16 15:55:54.0343 5352 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/16 15:55:54.0370 5352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/16 15:55:54.0402 5352 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/16 15:55:54.0420 5352 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/16 15:55:54.0442 5352 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/16 15:55:54.0470 5352 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/09/16 15:55:54.0501 5352 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/16 15:55:54.0520 5352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/16 15:55:54.0577 5352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/16 15:55:54.0601 5352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/16 15:55:54.0626 5352 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 15:55:54.0636 5352 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 15:55:54.0674 5352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/16 15:55:54.0706 5352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/16 15:55:54.0751 5352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/16 15:55:54.0773 5352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/16 15:55:54.0876 5352 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/16 15:55:54.0907 5352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/16 15:55:54.0953 5352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/16 15:55:55.0004 5352 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/09/16 15:55:55.0044 5352 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
2011/09/16 15:55:55.0051 5352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/16 15:55:55.0067 5352 Boot (0x1200) (68409c3109a62a1e833c92908e781d58) \Device\Harddisk0\DR0\Partition0
2011/09/16 15:55:55.0081 5352 Boot (0x1200) (7c84ca11b8de50991c4658db968e7571) \Device\Harddisk0\DR0\Partition1
2011/09/16 15:55:55.0085 5352 ================================================================================
2011/09/16 15:55:55.0085 5352 Scan finished
2011/09/16 15:55:55.0085 5352 ================================================================================
2011/09/16 15:55:55.0098 4112 Detected object count: 1
2011/09/16 15:55:55.0098 4112 Actual detected object count: 1
2011/09/16 15:55:57.0904 4112 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/16 15:55:57.0905 4112 \Device\Harddisk0\DR0 - ok
2011/09/16 15:55:57.0905 4112 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/16 15:56:01.0808 5320 Deinitialize success

-----------------------------Here's the log from ComboFix----------------------
ComboFix 11-09-16.01 - Vance 09/16/2011 16:06:45.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2057 [GMT -5:00]
Running from: c:\users\Vance\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Skype\Plugin Manager\SkypePM.exe
c:\programdata\ntuser.dat
c:\users\Vance\AppData\Local\ApplicationHistory
c:\users\Vance\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\users\Vance\AppData\Local\ApplicationHistory\EarthCStudio.exe.6cdbb1b3.ini
c:\users\Vance\AppData\Local\ApplicationHistory\Launcher.exe.2b4f1592.ini.inuse
c:\users\Vance\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Vance\AppData\Local\ApplicationHistory\TurbineInvoker.exe.f5c5ef67.ini
c:\users\Vance\AppData\Local\ApplicationHistory\TurbineLauncher.exe.247941db.ini
c:\windows\svchost.exe
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\mfc100deu.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
.
.
2011-09-16 21:22 . 2011-09-16 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-12 20:28 . 2011-09-12 20:28 -------- d-----w- c:\program files (x86)\Grunt Mods Studios
2011-09-12 17:39 . 2011-09-16 21:06 -------- d-----w- C:\Dune 2000
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\programdata\ATI
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-12 16:52 . 2011-09-12 16:53 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-12 16:52 . 2011-09-12 16:52 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-12 16:52 . 2011-09-12 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-12 16:52 . 2011-09-12 16:52 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-09-12 16:52 . 2011-09-12 16:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-12 16:52 . 2011-09-12 16:52 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-12 16:51 . 2011-09-12 16:51 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-12 16:49 . 2011-09-12 16:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-12 16:49 . 2011-09-12 16:49 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-12 16:49 . 2011-09-12 16:49 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-12 16:41 . 2011-09-12 16:42 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-12 16:40 . 2011-09-12 16:51 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-12 16:40 . 2011-09-12 16:40 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-12 16:38 . 2011-09-12 16:39 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-12 16:38 . 2011-09-12 16:41 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-12 16:37 . 2011-09-12 16:38 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-12 16:21 . 2011-09-12 16:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-12 16:21 . 2011-09-12 16:34 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-12 16:21 . 2011-09-12 16:33 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-12 16:21 . 2011-09-12 16:21 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-12 16:21 . 2011-09-12 16:21 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-09 18:17 . 2011-09-12 16:55 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-09 18:17 . 2011-09-09 18:17 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-09 18:17 . 2011-09-09 18:17 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:57 . 2011-09-08 17:57 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-09-08 01:15 . 2011-09-08 01:15 -------- d-----w- c:\program files (x86)\ESET
2011-09-07 21:40 . 2011-09-16 18:40 -------- d-----w- c:\users\Vance\AppData\Local\ElevatedDiagnostics
2011-09-05 20:17 . 2011-09-05 20:17 -------- d-----w- c:\users\Vance\AppData\Roaming\SUPERAntiSpyware.com
2011-09-05 20:16 . 2011-09-05 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-05 20:16 . 2011-09-05 20:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-04 23:37 . 2011-09-04 23:37 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\users\Vance\AppData\Roaming\Malwarebytes
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\programdata\Malwarebytes
2011-09-04 21:47 . 2011-07-08 12:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-04 21:47 . 2011-07-08 12:55 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 21:47 . 2011-09-05 04:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:45 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\directx
2011-09-02 02:39 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\Deus Ex - Invisible War
2011-09-02 02:38 . 2003-09-03 07:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-09-02 02:38 . 2003-09-03 07:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-09-02 02:38 . 2003-09-03 07:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-09-02 02:38 . 2003-09-03 07:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-09-02 02:38 . 2003-09-03 07:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-09-02 02:38 . 2011-09-02 02:38 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-09-02 02:38 . 2011-09-02 02:38 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-09-01 21:32 . 2011-09-06 22:43 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-01 21:32 . 2011-09-06 22:43 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-09-01 21:32 . 2011-09-06 22:43 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-01 21:32 . 2011-09-06 22:43 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-09-01 21:32 . 2011-09-06 22:43 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-09-01 21:32 . 2011-09-06 22:43 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-01 21:32 . 2011-08-30 19:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-01 21:32 . 2011-08-30 19:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-29 03:32 . 2011-09-01 04:42 -------- d-----w- c:\users\Vance\AppData\Local\dxhr
2011-08-29 03:30 . 2011-08-29 03:30 -------- d-----w- c:\users\Vance\AppData\Local\28050
2011-08-29 03:20 . 2011-08-29 03:20 -------- d-----w- C:\Deus Ex
2011-08-24 19:09 . 2011-08-24 19:09 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic
2011-08-21 02:29 . 2011-08-21 02:29 -------- d-----w- C:\traomer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 20:39 . 2010-11-17 09:23 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-16 20:39 . 2010-11-10 03:22 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-16 20:37 . 2010-11-10 03:22 290496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-14 23:25 . 2010-11-10 03:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-12 16:52 . 2011-04-30 15:51 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-12 16:50 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-12 16:49 . 2011-05-25 02:39 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-12 16:38 . 2011-05-25 03:07 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-12 16:35 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-12 16:34 . 2011-05-25 02:50 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-08-16 21:53 . 2011-03-18 03:15 2829 ----a-w- c:\windows\DiabUnin.pif
2011-08-16 21:53 . 2011-03-18 03:15 118784 ----a-w- c:\windows\DiabUnin.exe
2011-08-15 22:19 . 2010-11-17 09:21 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-13 17:11 . 2011-03-20 07:41 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-08-13 17:11 . 2011-03-20 07:41 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-08-13 17:11 . 2011-03-20 07:41 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-08-13 16:58 . 2011-08-13 16:58 249856 ------w- c:\windows\Setup1.exe
2011-08-13 16:58 . 2011-08-13 16:58 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-13 16:24 . 2011-08-13 16:24 94208 ----a-w- c:\windows\DIIUnin.exe
2011-08-13 16:24 . 2011-08-13 16:24 2829 ----a-w- c:\windows\DIIUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 967 ----a-w- c:\windows\ScUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 94208 ----a-w- c:\windows\ScUnin.exe
2011-07-28 22:49 . 2011-07-28 22:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 22:48 . 2011-07-28 22:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-18 04:54 . 2011-07-18 04:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-20 23:45 . 2011-06-12 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\windows\system32\KBDUSL32.exe [x]
R2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-23 718072]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110915.030\IDSvia64.sys [2011-08-31 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-02 136824]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\uahkgoiw.default\
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Launch PC Probe II - (no file)
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-MoW A.S. 1.85.3. crackfix by amat299 1.00 - c:\program files (x86)\1C Company\Men of War. Assault Squad\Uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-DOOM 2 Hell on Earth - c:\finaldoom\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,83,ba,2e,6f,fd,64,27,a1,e3,af,1b,25,f3,bc,fc,61,d2,f0,60,8c,57,fb,
da,51,49,ea,42,8b,56,b7,9a,4e,39,b3,52,6d,41,fa,3b,a9,9b,47,b8,71,23,85,82,\
"??"=hex:0d,0f,3b,4d,c9,ee,a1,4e,69,66,6f,88,16,8f,ab,f0
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,c1,96,e1,78,00,b0,e4,b9,29,d4,17,a9,31,08,de,2e,9c,46,ec,a8,
37,60,b2,cf,15,dc,0c,b0,1c,07,1f,ef,58,13,73,c0,14,10,b5,3d,00,ac,22,02,66,\
"rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2011-09-16 16:31:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-16 21:31
.
Pre-Run: 233,812,975,616 bytes free
Post-Run: 236,272,193,536 bytes free
.
- - End Of File - - AE888D62C56F229654C0AAA5C000A792


I noticed after the reboot from TDSS the process of svchost with the description of winrscmde is gone. :]

#4 Vancer2

Vancer2
  • Topic Starter
  • Members
  • 78 posts

Posted 16 September 2011 - 04:37 PM

Here's the log from aswMBR, along with the file: My link
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-16 15:52:24
-----------------------------
15:52:24.822 OS Version: Windows x64 6.1.7600
15:52:24.822 Number of processors: 4 586 0x503
15:52:24.823 ComputerName: VANCE-PC UserName: Vance
15:52:28.263 Initialize success
15:52:49.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
15:52:49.837 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
15:52:49.840 Device \Driver\atapi -> MajorFunction fffffa8003e305c0
15:52:51.843 Disk 0 MBR read successfully
15:52:51.844 Disk 0 MBR scan
15:52:51.844 Disk 0 Windows 7 default MBR code found via API
15:52:51.844 Disk 0 unknown MBR code
15:52:51.845 Disk 0 MBR hidden
15:52:51.845 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
15:52:51.846 Disk 0 trace - called modules:
15:52:51.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003e305c0]<<
15:52:51.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035d4060]
15:52:51.848 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80032d2520]
15:52:51.848 5 ACPI.sys[fffff88000fa3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80032d1060]
15:52:51.850 \Driver\atapi[0xfffffa80035429b0] -> IRP_MJ_CREATE -> 0xfffffa8003e305c0
15:52:51.851 Scan finished successfully
15:53:39.637 Disk 0 MBR has been saved successfully to "C:\Users\Vance\Desktop\MBR.dat"
15:53:39.644 The log file has been saved successfully to "C:\Users\Vance\Desktop\aswMBR.txt"


----------------------Here's the log from TDSS---------------------

2011/09/16 15:55:39.0067 5028 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/16 15:55:40.0680 5028 ================================================================================
2011/09/16 15:55:40.0680 5028 SystemInfo:
2011/09/16 15:55:40.0680 5028
2011/09/16 15:55:40.0680 5028 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/16 15:55:40.0680 5028 Product type: Workstation
2011/09/16 15:55:40.0680 5028 ComputerName: VANCE-PC
2011/09/16 15:55:40.0681 5028 UserName: Vance
2011/09/16 15:55:40.0681 5028 Windows directory: C:\Windows
2011/09/16 15:55:40.0681 5028 System windows directory: C:\Windows
2011/09/16 15:55:40.0681 5028 Running under WOW64
2011/09/16 15:55:40.0681 5028 Processor architecture: Intel x64
2011/09/16 15:55:40.0681 5028 Number of processors: 4
2011/09/16 15:55:40.0681 5028 Page size: 0x1000
2011/09/16 15:55:40.0681 5028 Boot type: Normal boot
2011/09/16 15:55:40.0681 5028 ================================================================================
2011/09/16 15:55:40.0774 5028 Initialize success
2011/09/16 15:55:41.0845 5352 ================================================================================
2011/09/16 15:55:41.0845 5352 Scan started
2011/09/16 15:55:41.0845 5352 Mode: Manual;
2011/09/16 15:55:41.0845 5352 ================================================================================
2011/09/16 15:55:53.0868 5352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/16 15:55:53.0892 5352 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/16 15:55:53.0909 5352 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/16 15:55:53.0981 5352 VBoxDrv (e5af6997b59429bc44de616b5a963788) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/09/16 15:55:54.0013 5352 VBoxNetAdp (b4ffc1739b9bd3b0177b16b46caf8420) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/09/16 15:55:54.0034 5352 VBoxNetFlt (5eb23066803668b29d403bc76c63cc70) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/09/16 15:55:54.0087 5352 VBoxUSB (7a4cab9ec7153741520ec8513acdba1d) C:\Windows\system32\Drivers\VBoxUSB.sys
2011/09/16 15:55:54.0145 5352 VBoxUSBMon (e6a42e54d4f7d7756e988f9135796572) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/09/16 15:55:54.0203 5352 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
2011/09/16 15:55:54.0229 5352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/16 15:55:54.0255 5352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/16 15:55:54.0318 5352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/16 15:55:54.0343 5352 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/16 15:55:54.0370 5352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/16 15:55:54.0402 5352 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/16 15:55:54.0420 5352 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/16 15:55:54.0442 5352 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/16 15:55:54.0470 5352 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/09/16 15:55:54.0501 5352 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/16 15:55:54.0520 5352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/16 15:55:54.0577 5352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/16 15:55:54.0601 5352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/16 15:55:54.0626 5352 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 15:55:54.0636 5352 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 15:55:54.0674 5352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/16 15:55:54.0706 5352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/16 15:55:54.0751 5352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/16 15:55:54.0773 5352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/16 15:55:54.0876 5352 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/16 15:55:54.0907 5352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/16 15:55:54.0953 5352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/16 15:55:55.0004 5352 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/09/16 15:55:55.0044 5352 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
2011/09/16 15:55:55.0051 5352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/16 15:55:55.0067 5352 Boot (0x1200) (68409c3109a62a1e833c92908e781d58) \Device\Harddisk0\DR0\Partition0
2011/09/16 15:55:55.0081 5352 Boot (0x1200) (7c84ca11b8de50991c4658db968e7571) \Device\Harddisk0\DR0\Partition1
2011/09/16 15:55:55.0085 5352 ================================================================================
2011/09/16 15:55:55.0085 5352 Scan finished
2011/09/16 15:55:55.0085 5352 ================================================================================
2011/09/16 15:55:55.0098 4112 Detected object count: 1
2011/09/16 15:55:55.0098 4112 Actual detected object count: 1
2011/09/16 15:55:57.0904 4112 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/16 15:55:57.0905 4112 \Device\Harddisk0\DR0 - ok
2011/09/16 15:55:57.0905 4112 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/16 15:56:01.0808 5320 Deinitialize success

-----------------------------Here's the log from ComboFix----------------------
ComboFix 11-09-16.01 - Vance 09/16/2011 16:06:45.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2057 [GMT -5:00]
Running from: c:\users\Vance\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Skype\Plugin Manager\SkypePM.exe
c:\programdata\ntuser.dat
c:\users\Vance\AppData\Local\ApplicationHistory
c:\users\Vance\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\users\Vance\AppData\Local\ApplicationHistory\EarthCStudio.exe.6cdbb1b3.ini
c:\users\Vance\AppData\Local\ApplicationHistory\Launcher.exe.2b4f1592.ini.inuse
c:\users\Vance\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Vance\AppData\Local\ApplicationHistory\TurbineInvoker.exe.f5c5ef67.ini
c:\users\Vance\AppData\Local\ApplicationHistory\TurbineLauncher.exe.247941db.ini
c:\windows\svchost.exe
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\mfc100deu.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
.
.
2011-09-16 21:22 . 2011-09-16 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-12 20:28 . 2011-09-12 20:28 -------- d-----w- c:\program files (x86)\Grunt Mods Studios
2011-09-12 17:39 . 2011-09-16 21:06 -------- d-----w- C:\Dune 2000
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\programdata\ATI
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-12 16:52 . 2011-09-12 16:53 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-12 16:52 . 2011-09-12 16:52 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-12 16:52 . 2011-09-12 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-12 16:52 . 2011-09-12 16:52 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-09-12 16:52 . 2011-09-12 16:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-12 16:52 . 2011-09-12 16:52 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-12 16:51 . 2011-09-12 16:51 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-12 16:49 . 2011-09-12 16:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-12 16:49 . 2011-09-12 16:49 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-12 16:49 . 2011-09-12 16:49 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-12 16:41 . 2011-09-12 16:42 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-12 16:40 . 2011-09-12 16:51 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-12 16:40 . 2011-09-12 16:40 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-12 16:38 . 2011-09-12 16:39 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-12 16:38 . 2011-09-12 16:41 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-12 16:37 . 2011-09-12 16:38 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-12 16:21 . 2011-09-12 16:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-12 16:21 . 2011-09-12 16:34 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-12 16:21 . 2011-09-12 16:33 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-12 16:21 . 2011-09-12 16:21 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-12 16:21 . 2011-09-12 16:21 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-09 18:17 . 2011-09-12 16:55 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-09 18:17 . 2011-09-09 18:17 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-09 18:17 . 2011-09-09 18:17 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:57 . 2011-09-08 17:57 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-09-08 01:15 . 2011-09-08 01:15 -------- d-----w- c:\program files (x86)\ESET
2011-09-07 21:40 . 2011-09-16 18:40 -------- d-----w- c:\users\Vance\AppData\Local\ElevatedDiagnostics
2011-09-05 20:17 . 2011-09-05 20:17 -------- d-----w- c:\users\Vance\AppData\Roaming\SUPERAntiSpyware.com
2011-09-05 20:16 . 2011-09-05 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-05 20:16 . 2011-09-05 20:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-04 23:37 . 2011-09-04 23:37 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\users\Vance\AppData\Roaming\Malwarebytes
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\programdata\Malwarebytes
2011-09-04 21:47 . 2011-07-08 12:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-04 21:47 . 2011-07-08 12:55 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 21:47 . 2011-09-05 04:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:45 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\directx
2011-09-02 02:39 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\Deus Ex - Invisible War
2011-09-02 02:38 . 2003-09-03 07:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-09-02 02:38 . 2003-09-03 07:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-09-02 02:38 . 2003-09-03 07:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-09-02 02:38 . 2003-09-03 07:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-09-02 02:38 . 2003-09-03 07:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-09-02 02:38 . 2011-09-02 02:38 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-09-02 02:38 . 2011-09-02 02:38 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-09-01 21:32 . 2011-09-06 22:43 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-01 21:32 . 2011-09-06 22:43 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-09-01 21:32 . 2011-09-06 22:43 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-01 21:32 . 2011-09-06 22:43 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-09-01 21:32 . 2011-09-06 22:43 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-09-01 21:32 . 2011-09-06 22:43 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-01 21:32 . 2011-08-30 19:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-01 21:32 . 2011-08-30 19:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-29 03:32 . 2011-09-01 04:42 -------- d-----w- c:\users\Vance\AppData\Local\dxhr
2011-08-29 03:30 . 2011-08-29 03:30 -------- d-----w- c:\users\Vance\AppData\Local\28050
2011-08-29 03:20 . 2011-08-29 03:20 -------- d-----w- C:\Deus Ex
2011-08-24 19:09 . 2011-08-24 19:09 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic
2011-08-21 02:29 . 2011-08-21 02:29 -------- d-----w- C:\traomer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 20:39 . 2010-11-17 09:23 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-16 20:39 . 2010-11-10 03:22 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-16 20:37 . 2010-11-10 03:22 290496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-14 23:25 . 2010-11-10 03:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-12 16:52 . 2011-04-30 15:51 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-12 16:50 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-12 16:49 . 2011-05-25 02:39 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-12 16:38 . 2011-05-25 03:07 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-12 16:35 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-12 16:34 . 2011-05-25 02:50 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-08-16 21:53 . 2011-03-18 03:15 2829 ----a-w- c:\windows\DiabUnin.pif
2011-08-16 21:53 . 2011-03-18 03:15 118784 ----a-w- c:\windows\DiabUnin.exe
2011-08-15 22:19 . 2010-11-17 09:21 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-13 17:11 . 2011-03-20 07:41 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-08-13 17:11 . 2011-03-20 07:41 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-08-13 17:11 . 2011-03-20 07:41 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-08-13 16:58 . 2011-08-13 16:58 249856 ------w- c:\windows\Setup1.exe
2011-08-13 16:58 . 2011-08-13 16:58 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-13 16:24 . 2011-08-13 16:24 94208 ----a-w- c:\windows\DIIUnin.exe
2011-08-13 16:24 . 2011-08-13 16:24 2829 ----a-w- c:\windows\DIIUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 967 ----a-w- c:\windows\ScUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 94208 ----a-w- c:\windows\ScUnin.exe
2011-07-28 22:49 . 2011-07-28 22:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 22:48 . 2011-07-28 22:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-18 04:54 . 2011-07-18 04:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-20 23:45 . 2011-06-12 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\windows\system32\KBDUSL32.exe [x]
R2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-23 718072]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110915.030\IDSvia64.sys [2011-08-31 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-02 136824]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\uahkgoiw.default\
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Launch PC Probe II - (no file)
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-MoW A.S. 1.85.3. crackfix by amat299 1.00 - c:\program files (x86)\1C Company\Men of War. Assault Squad\Uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-DOOM 2 Hell on Earth - c:\finaldoom\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,83,ba,2e,6f,fd,64,27,a1,e3,af,1b,25,f3,bc,fc,61,d2,f0,60,8c,57,fb,
da,51,49,ea,42,8b,56,b7,9a,4e,39,b3,52,6d,41,fa,3b,a9,9b,47,b8,71,23,85,82,\
"??"=hex:0d,0f,3b,4d,c9,ee,a1,4e,69,66,6f,88,16,8f,ab,f0
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,c1,96,e1,78,00,b0,e4,b9,29,d4,17,a9,31,08,de,2e,9c,46,ec,a8,
37,60,b2,cf,15,dc,0c,b0,1c,07,1f,ef,58,13,73,c0,14,10,b5,3d,00,ac,22,02,66,\
"rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2011-09-16 16:31:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-16 21:31
.
Pre-Run: 233,812,975,616 bytes free
Post-Run: 236,272,193,536 bytes free
.
- - End Of File - - AE888D62C56F229654C0AAA5C000A792


I noticed that after the reboot from tdss, the svchost process with the description of winrscmde is gone. :]
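The ComboFix log above can be read by eye, but the entries that matter (a service named SstpSvc32 carrying the display name of the real Windows SstpSvc service and pointing at c:\windows\system32\KBDUSL32.exe, an svchost.exe sitting in c:\windows instead of System32, and a policies\system block with UAC switched off) are exactly what a triage script should pull out automatically. The Python below is an added example written for this thread, not a tool from BleepingComputer or from the ComboFix or TDSSKiller authors. The log excerpt it parses is copied from the post above; the table of known Windows service display names is a small constructed subset, and the indicator labels are arbitrary names chosen for the example.

```python
"""Triage a ComboFix-style log excerpt for service masquerading and weakened UAC.

Added example for the thread above; not ComboFix or BleepingComputer code.
"""
import re

# Constructed excerpt: lines copied from the ComboFix log posted above,
# trimmed to the entries this example needs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\windows\system32\KBDUSL32.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
"""

# Paths from the "Other Deletions" section of the same log (constructed list).
SAMPLE_DELETIONS = [r"c:\windows\svchost.exe", r"C:\Install.exe"]

# Constructed subset: Windows 7 service display names and the service name that
# legitimately owns them (all three run inside svchost.exe, not a standalone exe).
KNOWN_SERVICES = {
    "secure socket tunneling protocol service": "SstpSvc",
    "windows update": "wuauserv",
    "remote procedure call (rpc)": "RpcSs",
}

# Core binaries that only live under System32/SysWOW64 (ignoring the WinSxS store);
# a same-named file in another directory is a classic masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}

# ComboFix service line: "<state> <name>;<display>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Registry value line inside a ComboFix policy dump: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')


def parse_services(log):
    """Return one dict per service/driver line found in the log text."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, name, display, path, info = m.groups()
            entries.append({"state": state, "name": name, "display": display,
                            "path": path, "info": info})
    return entries


def parse_uac_policy(log):
    """Collect numeric values from the policies\\system block only."""
    values, in_block = {}, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_block = line.lower().endswith(r"policies\system]")
            continue
        if in_block:
            m = POLICY_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def check_path(path, label):
    """Flag a core-binary filename that sits outside System32/SysWOW64."""
    parts = path.lower().replace("/", "\\").split("\\")
    filename, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    if filename in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        return [("misplaced_system_binary",
                 f"{label}: {path} is named like a core Windows binary but is outside System32/SysWOW64")]
    return []


def check_service(entry):
    """Return (indicator, detail) tuples for one parsed service entry."""
    findings = []
    display = entry["display"]
    if display != display.strip():  # trailing/leading blanks hide a duplicate display name
        findings.append(("padded_display_name",
                         f"{entry['name']}: display name {display!r} has surrounding whitespace"))
    owner = KNOWN_SERVICES.get(display.strip().lower())
    if owner and owner.lower() != entry["name"].lower():
        findings.append(("masquerade",
                         f"{entry['name']} uses the display name of Windows service {owner} "
                         f"but points to {entry['path']}"))
    findings.extend(check_path(entry["path"], entry["name"]))
    return findings


def check_uac(values):
    """Flag UAC policy values that leave admins elevating silently."""
    findings = []
    for key, want in {"EnableLUA": 1, "PromptOnSecureDesktop": 1}.items():
        if key in values and values[key] != want:
            findings.append(("uac_weakened", f"{key}={values[key]} (expected {want})"))
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("uac_weakened", "ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt"))
    return findings


def triage(log, deleted_files=()):
    """Run every check over a log excerpt and an optional list of file paths."""
    findings = []
    for entry in parse_services(log):
        findings.extend(check_service(entry))
    findings.extend(check_uac(parse_uac_policy(log)))
    for path in deleted_files:
        findings.extend(check_path(path, "deleted file"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, SAMPLE_DELETIONS):
        print(f"{kind:26} {detail}")
```

Run against the excerpt it reports SstpSvc32 twice (padded display name and masquerade of SstpSvc), the misplaced c:\windows\svchost.exe, and three weakened UAC values, while leaving Hamachi, GameGuard and Norton alone. The display-name table is deliberately short; on a real box you would build it from a clean reference system rather than by hand.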

#5 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 September 2011 - 06:08 PM

Open notepad and copy/paste the text in the quote box below into it:


Driver::
SstpSvc32
dump_wmimmc



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#6 Vancer2
  • Topic Starter
  • Members
  • 78 posts

Posted 17 September 2011 - 10:07 PM

ComboFix log


ComboFix 11-09-17.03 - Vance 09/17/2011 21:01:13.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2199 [GMT -5:00]
Running from: c:\users\Vance\Downloads\ComboFix.exe
Command switches used :: c:\users\Vance\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dump_wmimmc
-------\Service_SstpSvc32
.
.
((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-12 20:28 . 2011-09-12 20:28 -------- d-----w- c:\program files (x86)\Grunt Mods Studios
2011-09-12 17:39 . 2011-09-18 00:04 -------- d-----w- C:\Dune 2000
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\programdata\ATI
2011-09-12 17:19 . 2011-09-12 17:19 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-12 16:52 . 2011-09-12 16:53 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-12 16:52 . 2011-09-12 16:52 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-12 16:52 . 2011-09-12 16:52 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-12 16:52 . 2011-09-12 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-12 16:52 . 2011-09-12 16:52 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-09-12 16:52 . 2011-09-12 16:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-12 16:52 . 2011-09-12 16:52 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-12 16:51 . 2011-09-12 16:51 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-12 16:50 . 2011-09-12 16:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-09-12 16:49 . 2011-09-12 16:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-12 16:49 . 2011-09-12 16:49 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-12 16:49 . 2011-09-12 16:49 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-12 16:41 . 2011-09-12 16:42 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-12 16:40 . 2011-09-12 16:51 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-12 16:40 . 2011-09-12 16:40 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-12 16:38 . 2011-09-12 16:39 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-12 16:38 . 2011-09-12 16:41 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-12 16:38 . 2011-09-12 16:38 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-12 16:37 . 2011-09-12 16:38 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-12 16:21 . 2011-09-12 16:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-12 16:21 . 2011-09-12 16:34 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-12 16:21 . 2011-09-12 16:33 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-12 16:21 . 2011-09-12 16:21 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-12 16:21 . 2011-09-12 16:21 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-09 18:17 . 2011-09-12 16:55 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-09 18:17 . 2011-09-09 18:17 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-09 18:17 . 2011-09-09 18:17 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:57 . 2011-09-08 17:57 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-09-08 01:15 . 2011-09-08 01:15 -------- d-----w- c:\program files (x86)\ESET
2011-09-07 21:40 . 2011-09-16 18:40 -------- d-----w- c:\users\Vance\AppData\Local\ElevatedDiagnostics
2011-09-05 20:17 . 2011-09-05 20:17 -------- d-----w- c:\users\Vance\AppData\Roaming\SUPERAntiSpyware.com
2011-09-05 20:16 . 2011-09-05 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-05 20:16 . 2011-09-05 20:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-04 23:37 . 2011-09-04 23:37 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\users\Vance\AppData\Roaming\Malwarebytes
2011-09-04 21:47 . 2011-09-04 21:47 -------- d-----w- c:\programdata\Malwarebytes
2011-09-04 21:47 . 2011-07-08 12:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-04 21:47 . 2011-07-08 12:55 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-04 21:47 . 2011-09-05 04:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:45 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\directx
2011-09-02 02:39 . 2011-09-02 02:45 -------- d-----w- c:\program files (x86)\Deus Ex - Invisible War
2011-09-02 02:38 . 2003-09-03 07:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-09-02 02:38 . 2003-09-03 07:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-09-02 02:38 . 2003-09-03 07:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-09-02 02:38 . 2003-09-03 07:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-09-02 02:38 . 2003-09-03 07:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-09-02 02:38 . 2011-09-02 02:38 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-09-02 02:38 . 2011-09-02 02:38 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-09-01 21:32 . 2011-09-06 22:43 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-01 21:32 . 2011-09-06 22:43 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-09-01 21:32 . 2011-09-06 22:43 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-01 21:32 . 2011-09-06 22:43 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-09-01 21:32 . 2011-09-06 22:43 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-09-01 21:32 . 2011-09-06 22:43 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-01 21:32 . 2011-08-30 19:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-01 21:32 . 2011-08-30 19:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-29 03:32 . 2011-09-01 04:42 -------- d-----w- c:\users\Vance\AppData\Local\dxhr
2011-08-29 03:30 . 2011-08-29 03:30 -------- d-----w- c:\users\Vance\AppData\Local\28050
2011-08-29 03:20 . 2011-08-29 03:20 -------- d-----w- C:\Deus Ex
2011-08-24 19:09 . 2011-08-24 19:09 -------- d-----w- c:\program files (x86)\RAR Password Recovery Magic
2011-08-21 02:29 . 2011-08-21 02:29 -------- d-----w- C:\traomer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-18 01:27 . 2010-11-17 09:23 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-18 01:27 . 2010-11-10 03:22 280480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-18 00:46 . 2010-11-10 03:22 290496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-14 23:25 . 2010-11-10 03:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-12 16:52 . 2011-04-30 15:51 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-12 16:50 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-12 16:49 . 2011-05-25 02:39 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-12 16:38 . 2011-05-25 03:07 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-12 16:35 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-12 16:34 . 2011-05-25 02:50 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-08-16 21:53 . 2011-03-18 03:15 2829 ----a-w- c:\windows\DiabUnin.pif
2011-08-16 21:53 . 2011-03-18 03:15 118784 ----a-w- c:\windows\DiabUnin.exe
2011-08-15 22:19 . 2010-11-17 09:21 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-13 17:11 . 2011-03-20 07:41 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-08-13 17:11 . 2011-03-20 07:41 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-08-13 17:11 . 2011-03-20 07:41 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-08-13 16:58 . 2011-08-13 16:58 249856 ------w- c:\windows\Setup1.exe
2011-08-13 16:58 . 2011-08-13 16:58 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-13 16:24 . 2011-08-13 16:24 94208 ----a-w- c:\windows\DIIUnin.exe
2011-08-13 16:24 . 2011-08-13 16:24 2829 ----a-w- c:\windows\DIIUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 967 ----a-w- c:\windows\ScUnin.pif
2011-08-09 06:41 . 2011-08-09 06:37 94208 ----a-w- c:\windows\ScUnin.exe
2011-07-28 22:49 . 2011-07-28 22:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 22:48 . 2011-07-28 22:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-18 04:54 . 2011-07-18 04:54 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-20 23:45 . 2011-06-12 06:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-16_21.26.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-11-06 06:05 . 2011-09-16 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-06 06:05 . 2011-09-18 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-06 06:05 . 2011-09-18 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-06 06:05 . 2011-09-16 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 21:24 . 2011-09-16 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-18 02:49 . 2011-09-18 02:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-18 02:49 . 2011-09-18 02:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-16 21:24 . 2011-09-16 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-07 07:33 . 2011-09-17 21:49 280924 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-09-18 02:47 242012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-16 21:23 242012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-05 17:47 . 2011-09-18 02:47 14461281 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3645914820-2889787139-2366161757-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
R2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-11-23 718072]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110917.031\IDSvia64.sys [2011-08-31 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-02 136824]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"combofix"="c:\combofix\CF12119.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF12119.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\uahkgoiw.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,83,ba,2e,6f,fd,64,27,a1,e3,af,1b,25,f3,bc,fc,61,d2,f0,60,8c,57,fb,
da,51,49,ea,42,8b,56,b7,9a,4e,39,b3,52,6d,41,fa,3b,a9,9b,47,b8,71,23,85,82,\
"??"=hex:0d,0f,3b,4d,c9,ee,a1,4e,69,66,6f,88,16,8f,ab,f0
.
[HKEY_USERS\S-1-5-21-3645914820-2889787139-2366161757-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,c1,96,e1,78,00,b0,e4,b9,29,d4,17,a9,31,08,de,2e,9c,46,ec,a8,
37,60,b2,cf,15,dc,0c,b0,1c,07,1f,ef,58,13,73,c0,14,10,b5,3d,00,ac,22,02,66,\
"rkeysecu"=hex:98,61,79,c9,42,0c,bd,70,31,d2,f3,74,78,48,ee,a9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\dune 2000\DUNE2000.EXE
c:\dune 2000\Dune2000.dat
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-09-17 22:04:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-18 03:04
ComboFix2.txt 2011-09-16 21:31
.
Pre-Run: 236,051,804,160 bytes free
Post-Run: 235,539,746,816 bytes free
.
- - End Of File - - 05DD33EED0DFE912F2E96539533CFF2A


Security Check log

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
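A small triage script, added here and not part of the thread or of ComboFix/Security Check: it parses the "Reg Loading Points" block from the ComboFix log above, reports the UAC policy values behind Security Check's "UAC is disabled!" line, and lists Run/RunOnce entries whose image sits outside Program Files or the Windows directory. The secure-default values (Windows 7 defaults) and the trusted-directory list are assumptions of this example.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.
Added example, not part of the thread or of ComboFix/Security Check: it reports
the UAC values behind Security Check's "UAC is disabled!" line and lists
Run/RunOnce images outside the usual program directories."""
import re

# Excerpt copied from the ComboFix log posted above (constructed test input).
SAMPLE_LOG = r'''
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"combofix"="c:\combofix\CF12119.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF12119.3XE" [2009-07-14 344576]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]  -- ComboFix autorun line
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# "Name"= 0 (0x0)  -- ComboFix DWORD line
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s+\(0x[0-9a-fA-F]+\)$')

# Assumed secure values (Windows 7 defaults) for the UAC policies ComboFix prints.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates admins silently
    "PromptOnSecureDesktop": 1,       # 0 lets software drive the prompt
}
# Assumed trusted image locations; anything else gets a manual look.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\")

def parse_reg_points(text):
    """Return ({key: {name: int}}, [(key, name, image, date, size)])."""
    policies, autoruns, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or line in ("", ".", "REGEDIT4"):
            continue
        m = RUN_RE.match(line)
        if m:
            autoruns.append((key, m.group("name"), m.group("image"),
                             m.group("date"), int(m.group("size"))))
            continue
        m = DWORD_RE.match(line)
        if m:
            policies.setdefault(key, {})[m.group("name")] = int(m.group("val"))
    return policies, autoruns

def uac_findings(policies):
    """UAC values under ...\\policies\\system that differ from the secure value."""
    found = []
    for key, values in policies.items():
        if not key.lower().endswith("\\policies\\system"):
            continue
        for name, expected in UAC_EXPECTED.items():
            if name in values and values[name] != expected:
                found.append((name, values[name], expected))
    return found

def untrusted_autoruns(autoruns):
    """Run/RunOnce entries whose image is outside TRUSTED_PREFIXES."""
    return [(key, name, image) for key, name, image, _d, _s in autoruns
            if not image.lower().startswith(TRUSTED_PREFIXES)]

def triage(text):
    """Summarise one log: UAC state plus autoruns worth a manual look."""
    policies, autoruns = parse_reg_points(text)
    findings = uac_findings(policies)
    return {"uac_disabled": any(n == "EnableLUA" for n, _a, _e in findings),
            "uac_findings": findings,
            "untrusted_autoruns": untrusted_autoruns(autoruns),
            "autorun_count": len(autoruns)}
```

On the excerpt above, `triage(SAMPLE_LOG)` reports UAC disabled with three deviating values, and the only autoruns flagged for review are ComboFix's own reboot entries under c:\combofix.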

#7 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 September 2011 - 08:14 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 version, download this one instead: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23

===

An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends... update to Adobe Flash Player 10.3.181.22

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Please let me know if any problem persists.

#8 Vancer2
  • Topic Starter
  • Members
  • 78 posts

Posted 19 September 2011 - 08:38 PM

The process is gone and my computer can now hibernate again. I think you can now close this thread. Thank you so much for your time to help me :] I will be visiting this site again when I have a future problem. Is there by chance a place I can go to rate or fill out a form to rate my experience here?

#9 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 September 2011 - 07:10 AM

Glad we could help.

"I can go to rate or fill out a form to rate my experience here?"

No, we do not. Personally I think it would be too subjective. We are all helpers and do this for free.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

#10 nasdaq
  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2011 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



